dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Renamed to missingac

Browse Source
This commit is contained in:
Àngel Ollé Blázquez
2022-07-30 19:56:43 +02:00
parent e0a0a80ad9
commit 4f911c64a1
21 changed files with 36 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/owasp/webgoat/lessons/missing_ac/DisplayUser.java → src/main/java/org/owasp/webgoat/lessons/missingac/DisplayUser.java
View File

@ -1,4 +1,4 @@
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import lombok.Getter; import lombok.Getter;

2
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingAccessControlUserRepository.java → src/main/java/org/owasp/webgoat/lessons/missingac/MissingAccessControlUserRepository.java
View File

@ -1,4 +1,4 @@
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.owasp.webgoat.container.LessonDataSource; import org.owasp.webgoat.container.LessonDataSource;
import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.RowMapper;

2
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionAC.java → src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionAC.java
View File

@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.owasp.webgoat.container.lessons.Category; import org.owasp.webgoat.container.lessons.Category;
import org.owasp.webgoat.container.lessons.Lesson; import org.owasp.webgoat.container.lessons.Lesson;

2
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACHiddenMenus.java → src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenus.java
View File

@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint; import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints; import org.owasp.webgoat.container.assignments.AssignmentHints;

8
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACUsers.java → src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsers.java
View File

@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -34,13 +34,13 @@ import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
import static org.owasp.webgoat.lessons.missingac.MissingFunctionAC.PASSWORD_SALT_ADMIN;
import static org.owasp.webgoat.lessons.missingac.MissingFunctionAC.PASSWORD_SALT_SIMPLE;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN;
import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE;
/** /**
* Created by jason on 1/5/17. * Created by jason on 1/5/17.
*/ */

7
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHash.java → src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHash.java
View File

@ -20,9 +20,12 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import static org.owasp.webgoat.lessons.missingac.MissingFunctionAC.PASSWORD_SALT_SIMPLE;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint; import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints; import org.owasp.webgoat.container.assignments.AssignmentHints;
import org.owasp.webgoat.container.assignments.AttackResult; import org.owasp.webgoat.container.assignments.AttackResult;
@ -30,8 +33,6 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE;
@RestController @RestController
@AssignmentHints({"access-control.hash.hint1", "access-control.hash.hint2", "access-control.hash.hint3", "access-control.hash.hint4", "access-control.hash.hint5"}) @AssignmentHints({"access-control.hash.hint1", "access-control.hash.hint2", "access-control.hash.hint3", "access-control.hash.hint4", "access-control.hash.hint5"})
@RequiredArgsConstructor @RequiredArgsConstructor

6
src/main/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHashAdmin.java → src/main/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdmin.java
View File

@ -20,7 +20,9 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import static org.owasp.webgoat.lessons.missingac.MissingFunctionAC.PASSWORD_SALT_ADMIN;
import org.owasp.webgoat.container.assignments.AssignmentEndpoint; import org.owasp.webgoat.container.assignments.AssignmentEndpoint;
import org.owasp.webgoat.container.assignments.AssignmentHints; import org.owasp.webgoat.container.assignments.AssignmentHints;
@ -29,8 +31,6 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN;
@RestController @RestController
@AssignmentHints({"access-control.hash.hint6", "access-control.hash.hint7", @AssignmentHints({"access-control.hash.hint6", "access-control.hash.hint7",
"access-control.hash.hint8", "access-control.hash.hint9", "access-control.hash.hint10", "access-control.hash.hint11", "access-control.hash.hint12"}) "access-control.hash.hint8", "access-control.hash.hint9", "access-control.hash.hint10", "access-control.hash.hint11", "access-control.hash.hint12"})

2
src/main/java/org/owasp/webgoat/lessons/missing_ac/User.java → src/main/java/org/owasp/webgoat/lessons/missingac/User.java
View File

@ -1,4 +1,4 @@
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Data; import lombok.Data;

0
src/main/resources/lessons/missing_ac/css/ac.css → src/main/resources/lessons/missingac/css/ac.css
View File

0
src/main/resources/lessons/missing_ac/db/migration/V2021_11_03_1__ac.sql → src/main/resources/lessons/missingac/db/migration/V2021_11_03_1__ac.sql
View File

0
src/main/resources/lessons/missing_ac/documentation/missing-function-ac-01-intro.adoc → src/main/resources/lessons/missingac/documentation/missing-function-ac-01-intro.adoc
View File

0
src/main/resources/lessons/missing_ac/documentation/missing-function-ac-02-client-controls.adoc → src/main/resources/lessons/missingac/documentation/missing-function-ac-02-client-controls.adoc
View File

0
src/main/resources/lessons/missing_ac/documentation/missing-function-ac-03-users.adoc → src/main/resources/lessons/missingac/documentation/missing-function-ac-03-users.adoc
View File

0
src/main/resources/lessons/missing_ac/documentation/missing-function-ac-04-users-fixed.adoc → src/main/resources/lessons/missingac/documentation/missing-function-ac-04-users-fixed.adoc
View File

8
src/main/resources/lessons/missing_ac/html/MissingFunctionAC.html → src/main/resources/lessons/missingac/html/MissingFunctionAC.html
View File

@ -1,12 +1,12 @@
<html xmlns:th="http://www.thymeleaf.org"> <html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/missing_ac/documentation/missing-function-ac-01-intro.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-01-intro.adoc"></div>
</div> </div>
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<link rel="stylesheet" type="text/css" th:href="@{/lesson_css/ac.css}"/> <link rel="stylesheet" type="text/css" th:href="@{/lesson_css/ac.css}"/>
<div class="adoc-content" th:replace="doc:lessons/missing_ac/documentation/missing-function-ac-02-client-controls.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-02-client-controls.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<nav class="navbar navbar-default"> <nav class="navbar navbar-default">
@ -70,7 +70,7 @@
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/missing_ac/documentation/missing-function-ac-03-users.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-03-users.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
@ -92,7 +92,7 @@
<div class="lesson-page-wrapper"> <div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:lessons/missing_ac/documentation/missing-function-ac-04-users-fixed.adoc"></div> <div class="adoc-content" th:replace="doc:lessons/missingac/documentation/missing-function-ac-04-users-fixed.adoc"></div>
<div class="attack-container"> <div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div> <div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>

0
src/main/resources/lessons/missing_ac/i18n/WebGoatLabels.properties → src/main/resources/lessons/missingac/i18n/WebGoatLabels.properties
View File

10
src/test/java/org/owasp/webgoat/lessons/missing_ac/DisplayUserTest.java → src/test/java/org/owasp/webgoat/lessons/missingac/DisplayUserTest.java
View File

@ -20,14 +20,14 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import static org.owasp.webgoat.lessons.missingac.MissingFunctionAC.PASSWORD_SALT_SIMPLE;
import org.assertj.core.api.Assertions; import org.assertj.core.api.Assertions;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.owasp.webgoat.lessons.missing_ac.DisplayUser; import org.owasp.webgoat.lessons.missingac.DisplayUser;
import org.owasp.webgoat.lessons.missing_ac.User; import org.owasp.webgoat.lessons.missingac.User;
import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_SIMPLE;
class DisplayUserTest { class DisplayUserTest {

3
src/test/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACHiddenMenusTest.java → src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACHiddenMenusTest.java
View File

@ -20,7 +20,7 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.hamcrest.CoreMatchers; import org.hamcrest.CoreMatchers;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
@ -28,6 +28,7 @@ import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoExtension;
import org.owasp.webgoat.container.assignments.AssignmentEndpointTest; import org.owasp.webgoat.container.assignments.AssignmentEndpointTest;
import org.owasp.webgoat.lessons.missingac.MissingFunctionACHiddenMenus;
import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;

4
src/test/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACUsersTest.java → src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACUsersTest.java
View File

@ -20,13 +20,13 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.hamcrest.CoreMatchers; import org.hamcrest.CoreMatchers;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.owasp.webgoat.container.plugins.LessonTest; import org.owasp.webgoat.container.plugins.LessonTest;
import org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC; import org.owasp.webgoat.lessons.missingac.MissingFunctionAC;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;

10
src/test/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionACYourHashAdminTest.java → src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionACYourHashAdminTest.java
View File

@ -1,18 +1,18 @@
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.hamcrest.CoreMatchers; import org.hamcrest.CoreMatchers;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.owasp.webgoat.container.plugins.LessonTest; import org.owasp.webgoat.container.plugins.LessonTest;
import org.owasp.webgoat.lessons.missing_ac.DisplayUser; import org.owasp.webgoat.lessons.missingac.DisplayUser;
import org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC; import org.owasp.webgoat.lessons.missingac.MissingFunctionAC;
import org.owasp.webgoat.lessons.missing_ac.User; import org.owasp.webgoat.lessons.missingac.User;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
import static org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC.PASSWORD_SALT_ADMIN; import static org.owasp.webgoat.lessons.missingac.MissingFunctionAC.PASSWORD_SALT_ADMIN;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

4
src/test/java/org/owasp/webgoat/lessons/missing_ac/MissingFunctionYourHashTest.java → src/test/java/org/owasp/webgoat/lessons/missingac/MissingFunctionYourHashTest.java
View File

@ -20,13 +20,13 @@
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects. * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.
*/ */
package org.owasp.webgoat.lessons.missing_ac; package org.owasp.webgoat.lessons.missingac;
import org.hamcrest.CoreMatchers; import org.hamcrest.CoreMatchers;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.owasp.webgoat.container.plugins.LessonTest; import org.owasp.webgoat.container.plugins.LessonTest;
import org.owasp.webgoat.lessons.missing_ac.MissingFunctionAC; import org.owasp.webgoat.lessons.missingac.MissingFunctionAC;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.test.web.servlet.setup.MockMvcBuilders;